[Secure-testing-team] Bug#839986: qemu: CVE-2016-7907: net: inifinte loop in imx_fec_do_tx() function
Salvatore Bonaccorso
carnil at debian.org
Fri Oct 7 06:41:18 UTC 2016
Source: qemu
Version: 1:2.6+dfsg-3.1
Severity: normal
Tags: security upstream
Hi,
the following vulnerability was published for qemu.
CVE-2016-7907[0]:
| The imx_fec_do_tx function in hw/net/imx_fec.c in QEMU (aka Quick
| Emulator) does not properly limit the buffer descriptor count when
| transmitting packets, which allows local guest OS administrators to
| cause a denial of service (infinite loop and QEMU process crash) via
| vectors involving a buffer descriptor with a length of 0 and crafted
| values in bd.flags.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2016-7907
Regards,
Salvatore
More information about the Secure-testing-team
mailing list